Vulnerability
Sonicwall SOHO firewall
Affected
Sonicwall SOHO firewall
Description
'Raptor' found following. He noticed that using a very long
string (some hundreds of chars) as the User Name in the auth page
of the Sonicwall web server, the firewall reacts strangely: it
begins to refuse connections to the 80/tcp port and it stops
routing packets from the internal LAN. After about 30 seconds it
apparently returns normal.
'Raptor' verified this behaviour on Sonicwall SOHO firmware
version 5.0.0, ROM version 4.0.0. Anyway access to the
configuration web server from the external network is NOT enabled
by default.
Doing some additional tests 'Raptor' discovered that the thing
reboots also when it receives "strange" HTTP requests. For
example:
voodoo:~$ telnet 192.168.87.112 80
Trying 192.168.87.112...
Connected to 192.168.87.112.
Escape character is '^]'.
GET
(then press <CR>)
It works also with POST method: after some seconds the Sonicwall
SOHO is rebooted.
Solution
SonicWALL, Inc. has released a firmware patch to address this
issue. To receive this firmware patch, please contact SonicWALL
support (http://techsupport.sonicwall.com/swtech.html) and
reference bugtraq id 2013.